Playing control files for personal video recorders

ABSTRACT

A certificate specifies conditions under which copyrighted material can be played. Copyrighted material, such as videos, is stored in a storage unit, along with a policy that indicates when the information can be played. The information can, for example, be encrypted once stored, and the decryption key is available only when characteristics of the policy are met. When those characteristics are not met, the information cannot be retrieved at all, or can be retrieved only in some very limited format.

CROSS-REFERENCE

This application is a Continuation of Ser. No. 11/565,475 filed Nov. 30, 2006. The disclosure of the parent application is incorporated herein by reference in its entirety.

BACKGROUND

Storing a video program for later watching has been a desirable goal of many systems. In the original days of video, the video stream could only be watched if the watcher were available at precisely the time the video stream was being broadcast. Different kinds of media for storing video, such as video discs and the like, were eventually invented so that a user could watch video on demand. Videocassette recorders, or VCRs, then allowed video to be recorded for time shifting purposes. Even though these devices allowed watchers to fast-forward over the commercials, the U.S. Supreme Court nonetheless found that recording this kind of information for later viewing was in fact “fair use” of the broadcaster's copyright.

Technology has made more sophisticated devices available. For example, the personal video recorder or digital video recorder, also known as the home theater PC or HTPC, allows video programming to be copied from a broadcast medium, and played back later. The programs are recorded digitally, and can be randomly selected during playback.

With the advent of digital television, the broadcasters and other copyright holders have become increasingly concerned that the personal video recorder can obtain a raw digital version of the transmitted program and use that raw digital information to circumvent the copyright. Different suggestions have emerged for dealing with the copyright issue, but most of these end up putting significant restrictions on the eventual viewing.

SUMMARY

The present application teaches different components that are usable with personal video recorders. One aspect teaches forming a portion of a recorded program that specifies management of the allowable ways to play the recorded program.

BRIEF DESCRIPTION OF THE DRAWINGS

These and other aspects will now be described with reference to the accompanying drawings, wherein:

FIG. 1 shows a block diagram of the computer system;

FIG. 2 shows a file system layout for a video;

FIG. 3 shows a flowchart of the operation of forming a policy; and

FIG. 4 shows a flowchart of playing a file.

DETAILED DESCRIPTION

A block diagram of the overall system is shown in FIG. 1. Content 100 is received into a personal video recorder 100 which can be any kind of computer-operated system that receives content, and stores it in some way in its associated storage and/or storage processes. The content may be any kind of multimedia, including video, audio, or other similar program material.

100 shows two PVR storage units 110 and 111, each of which may include a video tuner, control parts, as well as program guides that enable storing information. As is well known in the art, there may be multiple different store modules, which enables the unit to record multiple different streams of information at the same time, for example recording from multiple different channels. The PVR storage units such as 110, 111 store the received information as digital information on a digital storage medium such as a hard drive 112. There may be one or many hard drives 112, either globally associated with individual PVR store units, or one individually associated with each PVR store unit.

120 shows the PVR playing module, which receives information from the PVR store module, and formats the stored information for eventual display on a television or other viewing screen shown as 130. The playing module 120 may be associated with or separate from the storage unit(s).

A user interface 140 enables interacting with the storing modules 110 and the playing module 120.

In the embodiment, a hard drive stores a plurality of files which are managed by the file system. The files generally take the form shown in FIG. 2. The multimedia portion, here video portion 200 of the file 199, includes the video and audio content that was recorded from the program source.

In the embodiment, the video that is stored by the PVR storage unit is stored in an “encrypted” form. The word encrypted is used herein to represent any kind of change to the video stream that prevents the video stream from being directly viewed on a player without changing the video stream according to the code that was used to change the original video stream. The encrypted video used herein may be as simply encrypted as a bit shift. It may use a very simple encryption algorithm, such as the CSS algorithm that is used to encrypt the video that is stored on DVDs. It also may use a much more complex algorithm such as a public key algorithm or other.

The video 200 is also preferably compressed, with the compression typically being in MPEG-2 or MPEG-4 formats. Higher resolution information, such as high-definition information, may be more aggressively compressed.

The video file 199 also includes a header 205 which is typically unencrypted, and gives information about the video. For example, the header may have a file name and date, but it may also include the size, time length, and other information about the video obtained from the program guide information.

The video file 199 may also include a video certificate portion shown as 210. This is a special kind of video certificate, quite different than a conventional digital certificate. A digital certificate is an electronic file that includes a name, a serial number, expiration dates, a copy of the certificate holder's public key (used for encrypting messages and digital signatures), and a digital signature of the certificate-issuing authority so that a recipient can verify that the certificate is real. Digital certificates may conform to the X.509 standard.

The video certificate 210 includes information that tells the player, of whatever form, “how” to decrypt the video, and the conditions under which the video can be decrypted. For example, the certificate may be in the form of an “if . . . then” statement. As an example, the conditions may be in the form of the statement “if (the video is being played on network FX) then, provide the key and allow decrypting with decryption key XY”.

The certificate may itself use any kind of encryption technique to protect against surreptitious hacking. For example, the decryption code for the encrypted video 200 may itself be encrypted in a way that can only be received using some kind of secret code, or the like.

In any case, the video certificate 210 instructs how to decrypt the encrypted video, but has conditions which specify when the decryption key will be provided, e.g., only when decrypted video is being used in the way intended by the copyright holder.

The personal video recorder 100 may also store identifying information about the environment in which the program was recorded. It stores at the minimum information about the device 100 in which storage units 110, 111 are included. The environment may also include an identifier of the network 116 to which the storage unit is attached. The network may be the network over which program information is obtained, for example. The network identifier may include, for example, MAC IDs of various devices attached to the network, or computer identifying indicia. It may be as simple as the network name or the owner name. Alternatively, it may be a detailed map of network characteristics.

The certificate 210 forms its conditional information from the program owner's specifications. The owner specifications may be received as part of the program guide over the network 116, or may be embedded within the raw program data 99 that is eventually recorded. The conditions may specify when it is proper for the video 200 to be played back by a player such as 120, or any other player. Note that the player 120 may be included within the device 100, but may also be a separate player. For example, player 120 may be in a different PVR that is on the same network. It may be in a different PVR that is on a different network, for example when the user is trying to stream the video to their own player such as an iPod or other kind of personal player. The player 120 may also be a player that belongs to someone totally unrelated to the owner of the recorder 110.

The certificate indicates when it is okay for a player 120 of any of those types to play the encrypted video.

The certificate also includes information from which the decryption key can be obtained, either the key itself, part of the key, or an encrypted version of the key. Exemplary condition statements may allow certain kinds of players. For example, the certificate may say: “if the player is the same device that recorded the program, then playing is okay”.

If the player is associated with a different TV in the same household (presumably connected to the same network or a network to which the device has wire connectivity) then playing is okay.

If the playing device 120 is owned by the same owner as the owner of the storage unit 110, then the unit may indicate that playing is ok.

Some owners may allow the program to be streamed to a personal recorder. If the unit 100 is sold, the system may specify that the new owner can also play the programs.

The owner may play the program on unit 100, or some other unit. The owner may be identified, for example, by a biometric scan such as a fingerprint or other biometric type scan, or by a PIN, or by a smartcard, or by proximity of a cell phone.

In addition, a completely open copyright policy may be in place, for example the kind of copyright policy that might be associated with a movie trailer, or with a commercial or the like.

The policy can also require testing of the play kernel that must be carried out before playing by the kernel is enabled. This may check for a hacked play kernel, for example.

Also, when monitoring networks, it should be understood that the devices associated with the network may change over time when computers are turned on and off, and different devices are changed. The network may be established as being the same network when 40% of the nodes on the network agree or some other percent less than 100%. When some percentage of the networks agree, the device may conclude that the networks are the same.

According to an embodiment, some, but not all, of the video is encrypted. The video 200 can be considered as being made up of a number of bit parts shown as 201, 202, 203, and 204. Each of these video parts may be considered a frame. In the context of a compressed video sequence, there may be some frames that are more important than others. These more important frames are often called “keyframes”, that is, frames where the video scene is either completely reconstructed, or where a substantial portion of the video is reconstructed. The keyframes may be at random areas in the video, or may be determined to occur whenever necessary. According to the present system, only a portion of the video is encrypted. For example, one frame every second may be encrypted, or all the keyframes may be encrypted, or one out of every 10 keyframes may be encrypted. This sufficiently distorts the video so that it can be watched in some form, but will not look distorted. An advantage of this system, however, is that fewer resources are necessary for decrypting video frames. This means that stronger encryption can be used, making it more difficult to thwart the encryption of the file in the video portion 200. Moreover, in this way, encrypted portions of the recorded portion are interspersed between unencrypted portions of the recorded portion.

In one embodiment, the video may be encrypted using a combination of different encryption techniques, but only certain frames need to be decrypted in order to play.
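An added sketch of the interspersed encryption described above (not code from the application): only selected keyframes are encrypted at record time, and a player without the key gets just the clear frames. The `Frame` type, the function names and the sample frames are assumptions, and the HMAC-based keystream is a stand-in for whatever cipher a real recorder would use.

```python
import hashlib
import hmac
from dataclasses import dataclass


@dataclass(frozen=True)
class Frame:
    index: int
    keyframe: bool
    data: bytes
    encrypted: bool = False


def _keystream(key: bytes, frame_index: int, length: int) -> bytes:
    """HMAC-SHA256 in counter mode: a stand-in for a real stream cipher."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        msg = frame_index.to_bytes(8, "big") + counter.to_bytes(4, "big")
        out += hmac.new(key, msg, hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def _xor(data: bytes, stream: bytes) -> bytes:
    return bytes(a ^ b for a, b in zip(data, stream))


def record(frames, key: bytes, every_nth_keyframe: int = 1):
    """Encrypt every Nth keyframe; all other frames are stored in the clear."""
    stored, keyframes_seen = [], 0
    for f in frames:
        protect = f.keyframe and keyframes_seen % every_nth_keyframe == 0
        keyframes_seen += f.keyframe
        if protect:
            body = _xor(f.data, _keystream(key, f.index, len(f.data)))
            stored.append(Frame(f.index, f.keyframe, body, encrypted=True))
        else:
            stored.append(f)
    return stored


def play(stored, key=None):
    """With the key, return every frame; without it, only the clear frames."""
    out = []
    for f in stored:
        if not f.encrypted:
            out.append(f)
        elif key is not None:
            # No integrity check here: a wrong key yields garbage, not an error.
            clear = _xor(f.data, _keystream(key, f.index, len(f.data)))
            out.append(Frame(f.index, f.keyframe, clear))
    return out


def encrypted_fraction(stored) -> float:
    """Share of stored bytes that need decryption work at play time."""
    total = sum(len(f.data) for f in stored)
    return sum(len(f.data) for f in stored if f.encrypted) / total


# Constructed sample: 12 frames, a larger keyframe every 4th frame.
SAMPLE = [
    Frame(i, i % 4 == 0, bytes([i]) * (400 if i % 4 == 0 else 100))
    for i in range(12)
]
KEY = hashlib.sha256(b"constructed demo key").digest()

if __name__ == "__main__":
    stored = record(SAMPLE, KEY)
    print("encrypted share of bytes:", round(encrypted_fraction(stored), 2))
    print("frames playable without key:", [f.index for f in play(stored)])
    print("round trip with key:", play(stored, KEY) == SAMPLE)
```

In a compressed stream the clear frames usually depend on the protected keyframes, so what a keyless player can show is degraded further than the frame count alone suggests.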

FIGS. 3 and 4 illustrate flowcharts of operation. FIG. 3 illustrates recording a file, which can be carried out in any of the multiple recording processes 110, 111, under control of the user interface 140. At 300, the program information is received. This can be received as over the air (OTA) programming, over cable, into a satellite, via Wimax or other network receiver, or in any other form. As part of receiving the program, the system must also obtain a policy. The record process 110 preferably operates such that it cannot record any program without an associated policy. The policy can be received over the network as part of the program guide information, or can be received as part of the program itself. The policy can be in the form of “if, then” statements as described above, or other form.

At 310, an encryption key is generated, and specified parts of the original program are encrypted according to the encryption key. The encryption key may be randomly generated, or may be generated based on characteristics received as part of the policy, or may be encoded based on a public key that is associated with the storage unit 110. It may use a random seed or any other well-known encryption forms. Since in the preferred mode, only a part of the video is encrypted, the encryption may be extremely strong, since it can use significant computing resources. According to another mode, the entire video may be encrypted, using for example, a dedicated processor or process, e.g., using a processor 141.

At 315, the information is stored as an encrypted file along with decryption information plus the policy. The decryption information plus policy is formed as a certificate that is associated with the encrypted video information. The decryption key plus policy forms information that must be used in order to decrypt the video.

According to another embodiment, only specified parts or layers of the video are encrypted, such that a reduced resolution or reduced quality version of the video can be played out without the decryption key. This may allow playing black and white or NTSC resolution without the decryption key.

A flowchart of the player operation is shown in FIG. 4. The play kernel 400 receives a number of different kinds of information including a play ID 410 which may be a feature vector that indicates the parameters of the environment in which the play kernel 400 resides. These parameters may be any of the parameters described above, including network name, network characteristics, owner name, hardware characteristics, or any other characteristics of the play kernel. The play ID may be for example a feature vector, where different aspects of the vector represent different characteristics of the player. The play kernel also receives the certificate 420 which is the certificate that is stored along with the encrypted video. As part of receiving the certificate, the certificate may have an applet or other kind of executable code that tests the play kernel to determine if the play kernel will actually execute the policy required by the certificate. For example, this may test to determine if the player has been hacked, or if the player is an unauthorized play kernel, one which has been separately written to attempt to bypass the policy within the certificate. Failure to pass the test in the certificate may result in failure to play the characteristics.

Updates may also be downloaded at 430. For example, the certificate may require updated security from the play kernel. A secure download certificate at 430 may be carried out.

Another aspect may require Internet verification every specified amount of time, for example once a week. The Internet verification may be for example via wireless, via wireless telephone, via Wimax, or via wireless network. Each specified amount of time, a test is run over the Internet to determine if the play kernel actually is executing specified policies. If the play kernel does not execute the specified policies, then the certificate is deactivated. Otherwise, the certificate is activated for a specified amount of time after which the certificate needs to be reactivated.

In this way, a play kernel can be used when the user is on a plane or somewhere where they cannot obtain Internet access. However, after a specified amount of time the player must be reactivated.

When all of the characteristics of the play kernel are found to be okay at 440, the video may then be decrypted at 450 and played using the decryption information contained within the certificate. If any parts of the test fail, then control passes to 445 which carries out a process according to the failure mode. One process may simply show a black screen or an error screen with an indication that the certificate has failed. Another part of the process may play a reduced quality video, for example only parts of the video, only those parts of the video that are unencrypted, or may play a cross fade between different frames within the video. In this way, the user can view some parts of the video, but not all of it.
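The following added example (not code from the application) models the check at 440 together with the earlier “if . . . then” conditions and the 40% network-agreement rule: a play ID is compared against the environment stored with the certificate, and the key is released only when the play kernel test passed and at least one allowed condition holds. All type names, field names, condition names and sample identifiers are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional

NETWORK_MATCH_PERCENT = 40  # share of recorded nodes that must still be visible


@dataclass(frozen=True)
class Environment:
    """Recording environment or play ID; field names are assumptions."""
    device_id: str
    owner_id: str
    network_nodes: frozenset
    kernel_verified: bool = True  # result of the certificate's play-kernel test


@dataclass(frozen=True)
class VideoCertificate:
    recorded_in: Environment
    allowed: tuple      # condition names; any one that holds releases the key
    key: bytes          # decryption information carried with the recording


@dataclass(frozen=True)
class Decision:
    key: Optional[bytes]
    mode: str           # "full" playback or the "reduced" failure mode
    reason: str


def same_network(recorded: frozenset, current: frozenset) -> bool:
    """Treat networks as the same when enough recorded nodes are still seen."""
    if not recorded:
        return False  # nothing to compare against: do not match by default
    seen = len(recorded & current)
    return seen * 100 >= NETWORK_MATCH_PERCENT * len(recorded)


CONDITIONS = {
    "same_device": lambda rec, pid: pid.device_id == rec.device_id,
    "same_owner": lambda rec, pid: pid.owner_id == rec.owner_id,
    "same_network": lambda rec, pid: same_network(rec.network_nodes, pid.network_nodes),
    "open": lambda rec, pid: True,  # e.g. trailers and commercials
}


def evaluate(cert: VideoCertificate, play_id: Environment) -> Decision:
    """Release the key only if the kernel test passed and a condition holds."""
    if not play_id.kernel_verified:
        return Decision(None, "reduced", "play kernel failed test")
    for name in cert.allowed:
        rule = CONDITIONS.get(name)
        if rule is not None and rule(cert.recorded_in, play_id):
            return Decision(cert.key, "full", name)
    # Unknown or unmet conditions never grant access (fail closed).
    return Decision(None, "reduced", "no condition met")


# Constructed sample data: a recorder on a five-node home network.
HOME = frozenset({"aa:01", "aa:02", "aa:03", "aa:04", "aa:05"})
RECORDER = Environment("pvr-1", "alice", HOME)
CERT = VideoCertificate(RECORDER, ("same_device", "same_owner", "same_network"), b"k" * 16)

if __name__ == "__main__":
    players = {
        "recorder itself": RECORDER,
        "owner's portable": Environment("pod-7", "alice", frozenset()),
        "guest, 2 of 5 nodes": Environment("tv-2", "bob", frozenset({"aa:01", "aa:02", "bb:09"})),
        "stranger": Environment("tv-9", "carol", frozenset({"cc:01"})),
        "modified kernel": Environment("pvr-1", "alice", HOME, kernel_verified=False),
    }
    for label, pid in players.items():
        d = evaluate(CERT, pid)
        print(f"{label:22} -> {d.mode:7} ({d.reason})")
```

Every input in the play ID is reported by the player itself, which is why the kernel test gates the decision before any condition is evaluated.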

Conventional PVRs enable a pause function, and one problem is that the paused frame may stay on the screen forever. A screen saver function may enable blanking the screen after a certain amount of time. However, this may lead to the problem that the user does not know that the TV is on.

In this embodiment, a screen saver function is carried out which enables cross fading between keyframes in a loop at 460. For example, keyframes for 10 or 20 seconds preceding the pause time, or keyframes requiring a specified amount of change between the pause time and some other amount of time, may be collected. A cross fade between the keyframes may be carried out at 460, or a slide show between the keyframes may be carried out at 460. This enables what is in effect a screen saving function so that the display screen is not harmed by the continuous frame.

One aspect involves determining the owner of the playing hardware. For example, a user can own portable players such as an iPod, and can peer-network to their PVR at home, and download the copyrighted material for them to play later on the iPod. Assuming this policy is enabled by the certificate, this same copyrighted material cannot be played on someone else's player. However, it can be played on the same owner's player. This in effect allows an owner to peer-network to their portable devices, or to their laptops, and to play the material thereon. However, it prevents that same information from being peer-networked to someone else's iPod or player.

The above has described storage of video, but the same techniques can be used for storing and retrieving other information, such as music. For example, only parts of the music may be encrypted, only specified parts of the music may be played when the policy is not met, or the music may be played at a significantly reduced resolution.

The general structure and techniques, and more specific embodiments which can be used to effect different ways of carrying out the more general goals are described herein.

Although only a few embodiments have been disclosed in detail above, other embodiments are possible and the inventor intends these to be encompassed within this specification. The specification describes specific examples to accomplish a more general goal that may be accomplished in another way. This disclosure is intended to be exemplary, and the claims are intended to cover any modification or alternative which might be predictable to a person having ordinary skill in the art. For example, other forms of media can be recorded and handled in this way.

Also, the inventor intends that only those claims which use the words “means for” are intended to be interpreted under 35 USC 112, sixth paragraph. Moreover, no limitations from the specification are intended to be read into any claims, unless those limitations are expressly included in the claims. The computers described herein may be any kind of computer, either general purpose, or some specific purpose computer such as a workstation. The computer may be a Pentium class computer, running Windows XP or Linux, or may be a Macintosh computer. The computer may also be a handheld computer, such as a PDA, cellphone, or laptop.

The programs may be written in C, or Java, Brew or any other programming language. The programs may be resident on a storage medium, e.g., magnetic or optical, e.g. the computer hard drive, a removable disk or media such as a memory stick or SD media, or other removable medium. The programs may also be run over a network, for example, with a server or other machine sending signals to the local machine, which allows the local machine to carry out the operations described herein.

Where a specific numerical value is mentioned herein, it should be considered that the value may be increased or decreased by 20%, while still staying within the teachings of the present application, unless some different range is specifically mentioned.

What is claimed is:
 1. A system, comprising: a storage device that stores video information for playing, including multiple different programs; a playing part that receives commands over a user interface, and plays a specific program from among said different programs in response to a command from a user to play said specific program; said playing part enabling playing said specific program and also enabling pausing said specific program in response to a pause command from the user; and responsive to said pausing, said playing part finding multiple frames, said multiple frames being only certain frames of said specific program prior to said pausing and less than the entire program, and said playing part displaying an animation between said multiple frames during said pausing, said animation between said multiple frames using only said multiple frames of said specific program.
 2. The system as in claim 1, wherein said multiple frames of said specific program are keyframes within a compressed format in which the specific program is stored.
 3. The system as in claim 1, wherein said multiple frames are frames within only a specified time within said program prior to a time of said pausing, where said specified time is less than the entirety of said specific program that is prior to said pausing.
 4. The system as in claim 3, wherein said specified time is a number of seconds.
 5. The system as in claim 1, wherein said animation comprises a cross fade between said multiple frames.
 6. The system as in claim 1, wherein said animation comprises a slideshow between said multiple frames.
 7. The system as in claim 1, where said storage device stores a file that includes information indicative of conditions under which the specific program is to be played, and further stores a decryption key for said specific program, said decryption key to be used only if said conditions are met, where a first condition allows said decryption key to be used if the user of a player including said playing part is the same as an owner of a first recorder on which the specific program was recorded even if the player is not the same as the first recorder; and where a second condition allows said decryption key to be used if the player including said playing part is the same device as the first recorder on which the specific program was recorded even if the user of the of the player including said playing part is not the same as the owner of the player including said playing part and where both said first and second conditions allow said decryption key to be used for decrypting said specific program, and where said system also includes a networking part that allows transferring the specific program along with said file that includes said conditions to another device.
 8. A system, comprising: a storage device that stores multiple different programs for playing; a playing part that receives commands over a user interface, and plays a specific program from among said multiple different programs by providing a video output indicative of playing of said specific program in response to a command from a user to play said specific program; said playing part also enabling pausing said specific program in response to a command from the user to pause said specific program; and responsive to said command to pause said specific program, said playing part finding multiple frames, said multiple frames being only certain frames of said specific program that are only within a specified time within said program prior to a time of said pausing, where said specified time is less than an entirety of said specific program that is prior to said pausing, and responsive to said command to pause said specific program, said playing part displaying an animation between said multiple frames during said pausing, said animation between said multiple frames using only said multiple frames of said specific program.
 9. The system as in claim 8, wherein said multiple frames of said specific program are keyframes within a compressed format in which the specific program is stored.
 10. The system as in claim 8, wherein said specified time is a number of seconds.
 11. The system as in claim 8, wherein said animation comprises a cross fade between said multiple frames.
 12. The system as in claim 8, wherein said animation comprises a slideshow between said multiple frames.
 13. The system as in claim 8, where said storage device stores a file that includes information indicative of conditions under which the specific program is to be played, and further stores a decryption key for said specific program, said decryption key to be used only if said conditions are met, where a first condition allows said decryption key to be used if the user of a player including said playing part is the same as an owner of a first recorder on which the specific program was recorded even if the player is not the same as the first recorder; and where a second condition allows said decryption key to be used if the player including said playing part is the same device as the first recorder on which the specific program was recorded even if a user of the of the player including said playing part is not the same as the owner of the player including said playing part and where both said first and second conditions allow said decryption key to be used for decrypting said specific program, and where said system also includes a networking part that allows transferring the specific program along with said file that includes said conditions to another device.